With Desura soon to launch and begin accepting payments, site security has been totally overhauled to keep your accounts protected. This change affects ModDB, IndieDB and Desura. If you access these site via special applications like browser plugins, RSS readers or via many different browsers you may encounter some login issues, but for everyone else the site should run as per normal. Here what's new:

Limited login attempts. To many failures and you will have to wait.

To change your email address you will need to provide your password.

If your email or password is changed, you will receive an email notification.

Use once only tokenized security following best practices in use by sites like Twitter, Facebook etc.

If you are having difficulties logging in or staying logged in please post feedback in the comments, otherwise enjoy browsing the site as per normal! And remember NEVER tell anyone your username and password, not even site staff (we will never ask for it). We shall reset your password if you have forgotten it.

Essentially everytime your session is renewed I regenerate a random "persistent" login token. This token is continually changing so if someone copies this token they will only be able to continue using it until the next token in the chain is generated. The old system had no expiry date so multiple people could use the same details to login forever essentially.

Out of curiosity, are you guys now using link-hashes in _GET requests now?
Things such as group membership requests and mod tracking seemed like they could be CSRF'd the way it was before; I'm curious as to whether or not that has been addressed, or not.